May 9, 2017—KB4019474 (OS Build 10240.17394)

May 9, 2017—KB4019474 OS Build 10240.17394 Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where Windows Event Forwarding between two 2012 R2 servers makes reports...

Scripting Engine Information Disclosure Vulnerability

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an...

Microsoft Edge asm.js Type Confusion (CVE-2017-0093)

A type confusion vulnerability has been reported in Microsoft Edge Scripting Engine. The vulnerability is due to improper parsing of eval function arguments when it accesses an asm.js function. A remote attacker could exploit this vulnerability by enticing the target user to open a specially...

Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2017-05768)

Microsoft Edge is the web browser built into the Windows 10 version. A memory corruption vulnerability exists in the way the Microsoft browser handles in-memory objects in the scripting engine presentation, which can be exploited by an attacker to execute arbitrary code and corrupt memory...

Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2017-05770)

Internet Explorer is a web browser from Microsoft. A memory corruption vulnerability exists in the way Internet Explorer handles memory objects in the JScript/VBScript engine presentation, which can be exploited by an attacker to execute arbitrary code...

Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CNVD-2017-05508)

Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge suffers from a Scripting Engine Information Disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...

Microsoft Windows Multiple Vulnerabilities (KB4015217)

This host is missing an important security update according to Microsoft Security update KB4015217. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2017-0208

An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine...

CVE-2017-0158

An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability."...

Information disclosure

An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine...

CVE-2017-0093

A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,...

CVE-2017-0208

CVE-2017-0208 describes an information disclosure in Microsoft Edge (Chakra scripting engine) caused by improper handling of in-memory objects. The vulnerability could allow an attacker to obtain information to further compromise the system. Documents confirm the issue is tied to the Scripting En...

Microsoft Windows Scripting Engine Remote Code Execution Vulnerability (KB4015067)

This host is missing an important security update according to Microsoft April 2017 Security Update KB4015067. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

Microsoft Windows Monthly Rollup (KB4015550)

This host is missing a monthly rollup according to Microsoft KB4015550. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4015583)

This host is missing an important security update according to Microsoft security update KB4015067. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Microsoft Windows Multiple Vulnerabilities (KB4015219)

This host is missing an important security update according to Microsoft security update KB4015219. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Microsoft Windows Monthly Rollup (KB4015551)

This host is missing a monthly rollup according to Microsoft KB4015551. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Monthly Rollup (KB4015549)

This host is missing a monthly rollup according to Microsoft security update KB4015549. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

KB4015067: Security Update for the Scripting Engine Memory Corruption Vulnerability (April 2017)

The remote Windows host is missing security update KB4015067. It is, therefore, affected by a flaw in the VBScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website or open a specially...

Security update for the Scripting Engine Memory Corruption Vulnerability in Windows Server 2008: May 9, 2017

Security update for the Scripting Engine Memory Corruption Vulnerability in Windows Server 2008: May 9, 2017 Summary A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory when the engine is rendered in Internet Explorer. In a web-based attack...